Wednesday, September 14, 2016

In this post, I will explain how to use the Email OTP two-factor authenticator with WSO2 Identity Server. In this demonstration, I am using the SMTP mail transport, which sends the OTP code via email at the time of authentication.

Add the authenticator configuration to the <IS_HOME>/repository/conf/identity/application-authentication.xml file under the <AuthenticatorConfigs> section.

Add the email template in the <IS_HOME>/repository/conf/email/email-admin-config.xml file.

<configuration type="EmailOTP">
  <targetEpr></targetEpr>
  <subject>WSO2 IS EmailOTP Authenticator One Time Password</subject>
  <body>
Hi,

Please use this OTP {OTPCode} to go with EmailOTP authenticator.
  </body>
  <footer>
Best Regards,
WSO2 Identity Server Team
http://www.wso2.com
  </footer>
  <redirectPath></redirectPath>
</configuration>

When authentication reaches the second step, the code is sent to the email address saved in the email claim of the user's profile. If the user enters the code, WSO2 IS will validate it and let the user sign in accordingly.

In this post, I will explain how to use the SMS OTP multifactor authenticator with WSO2 Identity Server. In this demonstration, I am using the Twilio SMS provider, which sends the OTP code via SMS at the time of authentication.

SMS OTP Authentication Flow

The SMS OTP authenticator of WSO2 Identity Server lets users authenticate to the system using multifactor authentication. It authenticates with user name and password as the first step, then sends a one-time password to the user's mobile via SMS as the second step. WSO2 IS will validate the code and let the user sign in accordingly.

Add the authenticator configuration to the <IS_HOME>/repository/conf/identity/application-authentication.xml file under the <AuthenticatorConfigs> section.

Configure the Service Provider and Identity Provider as we normally would for two-factor authentication. Now we will configure the SMS OTP identity provider for the Twilio SMS provider.

Go to https://www.twilio.com/try-twilio and create a Twilio account. While registering the account, verify your mobile number, then click on console home (https://www.twilio.com/console) to get free credits (Account SID and Auth Token).

Twilio uses a POST method with headers, and the text message and phone number are sent as the payload. So the fields would be as follows.

You can go to the SMS OTP Identity Provider and configure it to send the SMS using the Twilio SMS provider.

Twilio SMS Provider Config

When authentication reaches the second step, the code is sent to the mobile number saved in the mobile claim of the user's profile. If the user enters the code, WSO2 IS will validate it and let the user sign in accordingly.
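The Twilio call described above (a POST with headers, with the message text and phone number in the payload), as an added example that is not part of the original post or of WSO2's code: it builds the request without sending it, so the header and payload encoding can be inspected. The endpoint is Twilio's Messages resource; the function names, SID, token, phone numbers and message text are constructed placeholders.

```python
import base64
import re
from urllib.parse import urlencode

# Twilio's "send a message" endpoint; {sid} is the Account SID from the console.
TWILIO_MESSAGES_URL = "https://api.twilio.com/2010-04-01/Accounts/{sid}/Messages.json"
E164 = re.compile(r"\+[1-9]\d{1,14}")  # international format, e.g. +15550100002


def build_twilio_sms_request(account_sid, auth_token, from_number, to_number, otp_code):
    """Return (method, url, headers, body) for the SMS that carries the OTP."""
    for number in (from_number, to_number):
        if not E164.fullmatch(number):
            raise ValueError("phone numbers must be in E.164 form: " + repr(number))

    # Header: HTTP Basic auth, Account SID as user name and Auth Token as password.
    credentials = f"{account_sid}:{auth_token}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(credentials).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }

    # Payload: form-encoded. urlencode() turns the leading "+" of each number
    # into %2B; a raw "+" in a form body would be decoded as a space.
    body = urlencode({
        "To": to_number,
        "From": from_number,
        "Body": f"Your one time password is {otp_code}",  # constructed message text
    })
    return "POST", TWILIO_MESSAGES_URL.format(sid=account_sid), headers, body


def redact_for_log(headers):
    """Copy of the headers that is safe to log: the Auth Token never appears."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Basic <redacted>"
    return safe


if __name__ == "__main__":
    # Constructed sample values, not real credentials or phone numbers.
    method, url, headers, body = build_twilio_sms_request(
        "ACconstructed", "token123", "+15550100001", "+15550100002", "482913")
    print(method, url)
    print(redact_for_log(headers))
    print(body)
```

The Authorization header is only base64-encoded, not encrypted, so it should be kept out of logs and screenshots of the provider configuration.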